1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/evp.h>
58
59 #include <assert.h>
60 #include <string.h>
61
62 #include <openssl/dsa.h>
63 #include <openssl/ec.h>
64 #include <openssl/err.h>
65 #include <openssl/mem.h>
66 #include <openssl/nid.h>
67 #include <openssl/rsa.h>
68 #include <openssl/thread.h>
69
70 #include "internal.h"
71 #include "../internal.h"
72
73
74 // Node depends on |EVP_R_NOT_XOF_OR_INVALID_LENGTH|.
75 //
76 // TODO(davidben): Fix Node to not touch the error queue itself and remove this.
OPENSSL_DECLARE_ERROR_REASON(EVP,NOT_XOF_OR_INVALID_LENGTH)77 OPENSSL_DECLARE_ERROR_REASON(EVP, NOT_XOF_OR_INVALID_LENGTH)
78
79 // The HPKE module uses the EVP error namespace, but it lives in another
80 // directory.
81 OPENSSL_DECLARE_ERROR_REASON(EVP, EMPTY_PSK)
82
83 EVP_PKEY *EVP_PKEY_new(void) {
84 EVP_PKEY *ret;
85
86 ret = OPENSSL_malloc(sizeof(EVP_PKEY));
87 if (ret == NULL) {
88 OPENSSL_PUT_ERROR(EVP, ERR_R_MALLOC_FAILURE);
89 return NULL;
90 }
91
92 OPENSSL_memset(ret, 0, sizeof(EVP_PKEY));
93 ret->type = EVP_PKEY_NONE;
94 ret->references = 1;
95
96 return ret;
97 }
98
free_it(EVP_PKEY * pkey)99 static void free_it(EVP_PKEY *pkey) {
100 if (pkey->ameth && pkey->ameth->pkey_free) {
101 pkey->ameth->pkey_free(pkey);
102 pkey->pkey.ptr = NULL;
103 pkey->type = EVP_PKEY_NONE;
104 }
105 }
106
EVP_PKEY_free(EVP_PKEY * pkey)107 void EVP_PKEY_free(EVP_PKEY *pkey) {
108 if (pkey == NULL) {
109 return;
110 }
111
112 if (!CRYPTO_refcount_dec_and_test_zero(&pkey->references)) {
113 return;
114 }
115
116 free_it(pkey);
117 OPENSSL_free(pkey);
118 }
119
EVP_PKEY_up_ref(EVP_PKEY * pkey)120 int EVP_PKEY_up_ref(EVP_PKEY *pkey) {
121 CRYPTO_refcount_inc(&pkey->references);
122 return 1;
123 }
124
EVP_PKEY_is_opaque(const EVP_PKEY * pkey)125 int EVP_PKEY_is_opaque(const EVP_PKEY *pkey) {
126 if (pkey->ameth && pkey->ameth->pkey_opaque) {
127 return pkey->ameth->pkey_opaque(pkey);
128 }
129 return 0;
130 }
131
EVP_PKEY_cmp(const EVP_PKEY * a,const EVP_PKEY * b)132 int EVP_PKEY_cmp(const EVP_PKEY *a, const EVP_PKEY *b) {
133 if (a->type != b->type) {
134 return -1;
135 }
136
137 if (a->ameth) {
138 int ret;
139 // Compare parameters if the algorithm has them
140 if (a->ameth->param_cmp) {
141 ret = a->ameth->param_cmp(a, b);
142 if (ret <= 0) {
143 return ret;
144 }
145 }
146
147 if (a->ameth->pub_cmp) {
148 return a->ameth->pub_cmp(a, b);
149 }
150 }
151
152 return -2;
153 }
154
EVP_PKEY_copy_parameters(EVP_PKEY * to,const EVP_PKEY * from)155 int EVP_PKEY_copy_parameters(EVP_PKEY *to, const EVP_PKEY *from) {
156 if (to->type != from->type) {
157 OPENSSL_PUT_ERROR(EVP, EVP_R_DIFFERENT_KEY_TYPES);
158 goto err;
159 }
160
161 if (EVP_PKEY_missing_parameters(from)) {
162 OPENSSL_PUT_ERROR(EVP, EVP_R_MISSING_PARAMETERS);
163 goto err;
164 }
165
166 if (from->ameth && from->ameth->param_copy) {
167 return from->ameth->param_copy(to, from);
168 }
169
170 err:
171 return 0;
172 }
173
EVP_PKEY_missing_parameters(const EVP_PKEY * pkey)174 int EVP_PKEY_missing_parameters(const EVP_PKEY *pkey) {
175 if (pkey->ameth && pkey->ameth->param_missing) {
176 return pkey->ameth->param_missing(pkey);
177 }
178 return 0;
179 }
180
EVP_PKEY_size(const EVP_PKEY * pkey)181 int EVP_PKEY_size(const EVP_PKEY *pkey) {
182 if (pkey && pkey->ameth && pkey->ameth->pkey_size) {
183 return pkey->ameth->pkey_size(pkey);
184 }
185 return 0;
186 }
187
EVP_PKEY_bits(const EVP_PKEY * pkey)188 int EVP_PKEY_bits(const EVP_PKEY *pkey) {
189 if (pkey && pkey->ameth && pkey->ameth->pkey_bits) {
190 return pkey->ameth->pkey_bits(pkey);
191 }
192 return 0;
193 }
194
EVP_PKEY_id(const EVP_PKEY * pkey)195 int EVP_PKEY_id(const EVP_PKEY *pkey) {
196 return pkey->type;
197 }
198
199 // evp_pkey_asn1_find returns the ASN.1 method table for the given |nid|, which
200 // should be one of the |EVP_PKEY_*| values. It returns NULL if |nid| is
201 // unknown.
evp_pkey_asn1_find(int nid)202 static const EVP_PKEY_ASN1_METHOD *evp_pkey_asn1_find(int nid) {
203 switch (nid) {
204 case EVP_PKEY_RSA:
205 return &rsa_asn1_meth;
206 case EVP_PKEY_EC:
207 return &ec_asn1_meth;
208 case EVP_PKEY_DSA:
209 return &dsa_asn1_meth;
210 case EVP_PKEY_ED25519:
211 return &ed25519_asn1_meth;
212 case EVP_PKEY_X25519:
213 return &x25519_asn1_meth;
214 default:
215 return NULL;
216 }
217 }
218
EVP_PKEY_type(int nid)219 int EVP_PKEY_type(int nid) {
220 const EVP_PKEY_ASN1_METHOD *meth = evp_pkey_asn1_find(nid);
221 if (meth == NULL) {
222 return NID_undef;
223 }
224 return meth->pkey_id;
225 }
226
EVP_PKEY_set1_RSA(EVP_PKEY * pkey,RSA * key)227 int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) {
228 if (EVP_PKEY_assign_RSA(pkey, key)) {
229 RSA_up_ref(key);
230 return 1;
231 }
232 return 0;
233 }
234
EVP_PKEY_assign_RSA(EVP_PKEY * pkey,RSA * key)235 int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key) {
236 return EVP_PKEY_assign(pkey, EVP_PKEY_RSA, key);
237 }
238
EVP_PKEY_get0_RSA(const EVP_PKEY * pkey)239 RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey) {
240 if (pkey->type != EVP_PKEY_RSA) {
241 OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_RSA_KEY);
242 return NULL;
243 }
244 return pkey->pkey.rsa;
245 }
246
EVP_PKEY_get1_RSA(const EVP_PKEY * pkey)247 RSA *EVP_PKEY_get1_RSA(const EVP_PKEY *pkey) {
248 RSA *rsa = EVP_PKEY_get0_RSA(pkey);
249 if (rsa != NULL) {
250 RSA_up_ref(rsa);
251 }
252 return rsa;
253 }
254
EVP_PKEY_set1_DSA(EVP_PKEY * pkey,DSA * key)255 int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) {
256 if (EVP_PKEY_assign_DSA(pkey, key)) {
257 DSA_up_ref(key);
258 return 1;
259 }
260 return 0;
261 }
262
EVP_PKEY_assign_DSA(EVP_PKEY * pkey,DSA * key)263 int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key) {
264 return EVP_PKEY_assign(pkey, EVP_PKEY_DSA, key);
265 }
266
EVP_PKEY_get0_DSA(const EVP_PKEY * pkey)267 DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey) {
268 if (pkey->type != EVP_PKEY_DSA) {
269 OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_A_DSA_KEY);
270 return NULL;
271 }
272 return pkey->pkey.dsa;
273 }
274
EVP_PKEY_get1_DSA(const EVP_PKEY * pkey)275 DSA *EVP_PKEY_get1_DSA(const EVP_PKEY *pkey) {
276 DSA *dsa = EVP_PKEY_get0_DSA(pkey);
277 if (dsa != NULL) {
278 DSA_up_ref(dsa);
279 }
280 return dsa;
281 }
282
EVP_PKEY_set1_EC_KEY(EVP_PKEY * pkey,EC_KEY * key)283 int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
284 if (EVP_PKEY_assign_EC_KEY(pkey, key)) {
285 EC_KEY_up_ref(key);
286 return 1;
287 }
288 return 0;
289 }
290
EVP_PKEY_assign_EC_KEY(EVP_PKEY * pkey,EC_KEY * key)291 int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key) {
292 return EVP_PKEY_assign(pkey, EVP_PKEY_EC, key);
293 }
294
EVP_PKEY_get0_EC_KEY(const EVP_PKEY * pkey)295 EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey) {
296 if (pkey->type != EVP_PKEY_EC) {
297 OPENSSL_PUT_ERROR(EVP, EVP_R_EXPECTING_AN_EC_KEY_KEY);
298 return NULL;
299 }
300 return pkey->pkey.ec;
301 }
302
EVP_PKEY_get1_EC_KEY(const EVP_PKEY * pkey)303 EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey) {
304 EC_KEY *ec_key = EVP_PKEY_get0_EC_KEY(pkey);
305 if (ec_key != NULL) {
306 EC_KEY_up_ref(ec_key);
307 }
308 return ec_key;
309 }
310
EVP_PKEY_get0_DH(const EVP_PKEY * pkey)311 DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey) { return NULL; }
EVP_PKEY_get1_DH(const EVP_PKEY * pkey)312 DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey) { return NULL; }
313
EVP_PKEY_assign(EVP_PKEY * pkey,int type,void * key)314 int EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key) {
315 if (!EVP_PKEY_set_type(pkey, type)) {
316 return 0;
317 }
318 pkey->pkey.ptr = key;
319 return key != NULL;
320 }
321
EVP_PKEY_set_type(EVP_PKEY * pkey,int type)322 int EVP_PKEY_set_type(EVP_PKEY *pkey, int type) {
323 const EVP_PKEY_ASN1_METHOD *ameth;
324
325 if (pkey && pkey->pkey.ptr) {
326 free_it(pkey);
327 }
328
329 ameth = evp_pkey_asn1_find(type);
330 if (ameth == NULL) {
331 OPENSSL_PUT_ERROR(EVP, EVP_R_UNSUPPORTED_ALGORITHM);
332 ERR_add_error_dataf("algorithm %d", type);
333 return 0;
334 }
335
336 if (pkey) {
337 pkey->ameth = ameth;
338 pkey->type = pkey->ameth->pkey_id;
339 }
340
341 return 1;
342 }
343
EVP_PKEY_new_raw_private_key(int type,ENGINE * unused,const uint8_t * in,size_t len)344 EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *unused,
345 const uint8_t *in, size_t len) {
346 EVP_PKEY *ret = EVP_PKEY_new();
347 if (ret == NULL ||
348 !EVP_PKEY_set_type(ret, type)) {
349 goto err;
350 }
351
352 if (ret->ameth->set_priv_raw == NULL) {
353 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
354 goto err;
355 }
356
357 if (!ret->ameth->set_priv_raw(ret, in, len)) {
358 goto err;
359 }
360
361 return ret;
362
363 err:
364 EVP_PKEY_free(ret);
365 return NULL;
366 }
367
EVP_PKEY_new_raw_public_key(int type,ENGINE * unused,const uint8_t * in,size_t len)368 EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *unused,
369 const uint8_t *in, size_t len) {
370 EVP_PKEY *ret = EVP_PKEY_new();
371 if (ret == NULL ||
372 !EVP_PKEY_set_type(ret, type)) {
373 goto err;
374 }
375
376 if (ret->ameth->set_pub_raw == NULL) {
377 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
378 goto err;
379 }
380
381 if (!ret->ameth->set_pub_raw(ret, in, len)) {
382 goto err;
383 }
384
385 return ret;
386
387 err:
388 EVP_PKEY_free(ret);
389 return NULL;
390 }
391
EVP_PKEY_get_raw_private_key(const EVP_PKEY * pkey,uint8_t * out,size_t * out_len)392 int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, uint8_t *out,
393 size_t *out_len) {
394 if (pkey->ameth->get_priv_raw == NULL) {
395 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
396 return 0;
397 }
398
399 return pkey->ameth->get_priv_raw(pkey, out, out_len);
400 }
401
EVP_PKEY_get_raw_public_key(const EVP_PKEY * pkey,uint8_t * out,size_t * out_len)402 int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, uint8_t *out,
403 size_t *out_len) {
404 if (pkey->ameth->get_pub_raw == NULL) {
405 OPENSSL_PUT_ERROR(EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
406 return 0;
407 }
408
409 return pkey->ameth->get_pub_raw(pkey, out, out_len);
410 }
411
EVP_PKEY_cmp_parameters(const EVP_PKEY * a,const EVP_PKEY * b)412 int EVP_PKEY_cmp_parameters(const EVP_PKEY *a, const EVP_PKEY *b) {
413 if (a->type != b->type) {
414 return -1;
415 }
416 if (a->ameth && a->ameth->param_cmp) {
417 return a->ameth->param_cmp(a, b);
418 }
419 return -2;
420 }
421
EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX * ctx,const EVP_MD * md)422 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) {
423 return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, 0,
424 (void *)md);
425 }
426
EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX * ctx,const EVP_MD ** out_md)427 int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **out_md) {
428 return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_GET_MD,
429 0, (void *)out_md);
430 }
431
EVP_PKEY_get0(const EVP_PKEY * pkey)432 void *EVP_PKEY_get0(const EVP_PKEY *pkey) {
433 // Node references, but never calls this function, so for now we return NULL.
434 // If other projects require complete support, call |EVP_PKEY_get0_RSA|, etc.,
435 // rather than reading |pkey->pkey.ptr| directly. This avoids problems if our
436 // internal representation does not match the type the caller expects from
437 // OpenSSL.
438 return NULL;
439 }
440
OpenSSL_add_all_algorithms(void)441 void OpenSSL_add_all_algorithms(void) {}
442
OPENSSL_add_all_algorithms_conf(void)443 void OPENSSL_add_all_algorithms_conf(void) {}
444
OpenSSL_add_all_ciphers(void)445 void OpenSSL_add_all_ciphers(void) {}
446
OpenSSL_add_all_digests(void)447 void OpenSSL_add_all_digests(void) {}
448
EVP_cleanup(void)449 void EVP_cleanup(void) {}
450
EVP_PKEY_base_id(const EVP_PKEY * pkey)451 int EVP_PKEY_base_id(const EVP_PKEY *pkey) {
452 // OpenSSL has two notions of key type because it supports multiple OIDs for
453 // the same algorithm: NID_rsa vs NID_rsaEncryption and five distinct spelling
454 // of DSA. We do not support these, so the base ID is simply the ID.
455 return EVP_PKEY_id(pkey);
456 }
457